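/// <summary>
/// Creates the Swarmops database and its read, write and admin accounts by running
/// <c>DbCreateScript</c> as the MySQL "root" account, then runs <c>FirstCredentialsTest</c>
/// against the new accounts and requires <c>AllPermissionsOk</c>.
/// </summary>
/// <param name="mysqlHostName">MySQL server the root credentials connect to.</param>
/// <param name="rootPassword">Password for the MySQL "root" account.</param>
/// <param name="serverName">Host name checked by <c>VerifyHostName</c> and passed to the credentials test.</param>
/// <param name="ipAddress">Address checked by <c>VerifyHostAddress</c> and passed to the credentials test.</param>
/// <param name="random">
/// Optional suffix for the database and account names. It is trimmed, cut to five characters and
/// must consist of ASCII letters and digits; when empty, a five-character suffix is generated.
/// </param>
/// <returns>
/// <c>true</c> on success, and also when the host checks fail (deliberate silent failure);
/// <c>false</c> when the suffix is rejected, the permission test fails, or any step throws.
/// </returns>
public static bool CreateDatabaseFromRoot(string mysqlHostName, string rootPassword, string serverName, string ipAddress, string random)
{
    if (!(VerifyHostName(serverName) && VerifyHostAddress(ipAddress)))
    {
        // NOTE(review): with a debugger attached a failed host check does not stop the call.
        // Confirm production hosts can never run with one attached.
        if (!Debugger.IsAttached)
        {
            return true; // Probable hack attempt - fail silently
        }
    }

    try
    {
        random = random.Trim();

        if (random.Length > 5) // if UI-enforced maxlength beaten somehow, limit here
        {
            random = random.Substring(0, 5); // MySQL will hit a maxlength otherwise
        }

        // The suffix is spliced verbatim into DbCreateScript, and the result is split into
        // statements on '#'. The caller controls this value, so it is restricted to ASCII
        // letters and digits instead of being trusted to be harmless inside the script.
        foreach (char suffixChar in random)
        {
            bool isAsciiAlphanumeric =
                (suffixChar >= 'a' && suffixChar <= 'z') ||
                (suffixChar >= 'A' && suffixChar <= 'Z') ||
                (suffixChar >= '0' && suffixChar <= '9');

            if (!isAsciiAlphanumeric)
            {
                return false;
            }
        }

        if (string.IsNullOrEmpty(random))
        {
            // NOTE(review): the generated suffix is used as-is; confirm CreateWeakSecret only
            // emits characters that are safe inside the script.
            random = Authentication.CreateWeakSecret(5);
        }

        SwarmDb.Credentials rootCredentials = new SwarmDb.Credentials(
            "mysql", new SwarmDb.ServerSet(mysqlHostName), "root", rootPassword);

        string readPass = GenerateLongPassword();
        string writePass = GenerateLongPassword();
        string adminPass = GenerateLongPassword();

        // After substitution the script text contains the three generated passwords.
        string[] initInstructions = DbCreateScript
            .Replace("[random]", random)
            .Replace("[readpass]", readPass)
            .Replace("[writepass]", writePass)
            .Replace("[adminpass]", adminPass)
            .Split('#');

        SwarmDb.GetTestDatabase(rootCredentials).ExecuteAdminCommands(initInstructions);

        string databaseName = "Swarmops-" + random;

        PermissionsAnalysis permissionsResult = FirstCredentialsTest(
            databaseName, mysqlHostName, "Swarmops-R-" + random, readPass,
            databaseName, mysqlHostName, "Swarmops-W-" + random, writePass,
            databaseName, mysqlHostName, "Swarmops-A-" + random, adminPass,
            serverName, ipAddress);

        // Report failure directly instead of throwing an exception only to catch it below.
        return permissionsResult.AllPermissionsOk;
    }
    catch (Exception)
    {
        // Deliberate best effort: every failure, including a null suffix, is reported as false.
        return false;
    }
}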
/// <summary>
/// Exercises the stored test credentials (admin, write, read) against the database and records
/// which operations each account can perform.
/// </summary>
/// <returns>
/// The per-account findings. <c>AllPermissionsOk</c> is set only when the admin account can log in,
/// select, execute and administer; the write account can log in, select and execute but not
/// administer; and the read account can log in and select but neither execute nor administer.
/// </returns>
public static PermissionsAnalysis RecheckDatabasePermissions()
{
    // A couple of async race conditions happen as this is called, so poll until all three
    // credential sets are present.
    // NOTE(review): the wait has no timeout; if the credentials are never set this call does not return.
    while (!(_testReadCredentials != null && _testWriteCredentials != null && _testAdminCredentials != null))
    {
        Thread.Sleep(100);
    }

    PermissionsAnalysis analysis = new PermissionsAnalysis();

    // ADMIN account first.
    SwarmDb asAdmin = SwarmDb.GetTestDatabase(_testAdminCredentials);

    // Clear any leftover test table or procedure; the outcome is ignored on purpose.
    asAdmin.TestDropTable();
    asAdmin.TestDropProcedure();

    analysis.AdminCredentialsCanLogin = asAdmin.TestLogin();

    // Every step runs (non-short-circuit AND) and every one of them has to succeed.
    bool adminCanAdmin = asAdmin.TestCreateTable();
    adminCanAdmin &= asAdmin.TestDropTable();
    adminCanAdmin &= asAdmin.TestCreateTable();
    adminCanAdmin &= asAdmin.TestAlterTable();
    adminCanAdmin &= asAdmin.TestCreateProcedure();
    adminCanAdmin &= asAdmin.TestDropProcedure();   // exercise DROP before the objects are needed...
    adminCanAdmin &= asAdmin.TestCreateProcedure(); // ...then put the procedure back
    analysis.AdminCredentialsCanAdmin = adminCanAdmin;

    // Execute and select are only tested when the table and procedure exist; otherwise they stay at their defaults.
    if (adminCanAdmin)
    {
        analysis.AdminCredentialsCanExecute = asAdmin.TestExecute("Admin Execute");
        analysis.AdminCredentialsCanSelect = asAdmin.TestSelect();
    }

    // WRITE and READ accounts: check their intended rights against the admin-created objects
    // before probing them for rights they must not have.
    SwarmDb asWriter = SwarmDb.GetTestDatabase(_testWriteCredentials);
    bool writeCanLogin = asWriter.TestLogin();
    analysis.WriteCredentialsCanLogin = writeCanLogin;

    if (writeCanLogin && adminCanAdmin)
    {
        analysis.WriteCredentialsCanExecute = asWriter.TestExecute("Write Execute");
        analysis.WriteCredentialsCanSelect = asWriter.TestSelect();
    }

    SwarmDb asReader = SwarmDb.GetTestDatabase(_testReadCredentials);
    bool readCanLogin = asReader.TestLogin();
    analysis.ReadCredentialsCanLogin = readCanLogin;

    if (readCanLogin && adminCanAdmin)
    {
        analysis.ReadCredentialsCanExecute = asReader.TestExecute("Read Execute");
        analysis.ReadCredentialsCanSelect = asReader.TestSelect();
    }

    // Excess-rights probes. These accumulate with OR: a single admin operation that succeeds
    // marks the account as over-privileged, which is a failure.
    if (readCanLogin)
    {
        bool readCanAdmin = asReader.TestDropProcedure();
        readCanAdmin |= asReader.TestDropTable();
        readCanAdmin |= asReader.TestCreateTable();
        readCanAdmin |= asReader.TestCreateProcedure();
        analysis.ReadCredentialsCanAdmin = readCanAdmin;
    }

    if (writeCanLogin)
    {
        bool writeCanAdmin = asWriter.TestDropProcedure();
        writeCanAdmin |= asWriter.TestDropTable();
        writeCanAdmin |= asWriter.TestCreateTable();
        writeCanAdmin |= asWriter.TestCreateProcedure();
        analysis.WriteCredentialsCanAdmin = writeCanAdmin;
    }

    // Clean up the test objects; results ignored.
    asAdmin.TestDropTable();
    asAdmin.TestDropProcedure();

    bool adminAsExpected =
        analysis.AdminCredentialsCanLogin &&
        analysis.AdminCredentialsCanSelect &&
        analysis.AdminCredentialsCanExecute &&
        analysis.AdminCredentialsCanAdmin;

    bool writeAsExpected =
        analysis.WriteCredentialsCanLogin &&
        analysis.WriteCredentialsCanSelect &&
        analysis.WriteCredentialsCanExecute &&
        !analysis.WriteCredentialsCanAdmin; // must NOT hold admin rights

    bool readAsExpected =
        analysis.ReadCredentialsCanLogin &&
        analysis.ReadCredentialsCanSelect &&
        !analysis.ReadCredentialsCanExecute && // must NOT be able to execute
        !analysis.ReadCredentialsCanAdmin;     // must NOT hold admin rights

    analysis.AllPermissionsOk = adminAsExpected && writeAsExpected && readAsExpected;

    return analysis;
}
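/// <summary>
/// Creates the Swarmops database and its read, write and admin accounts by running
/// <c>DbCreateScript</c> as the MySQL "root" account, then runs <c>FirstCredentialsTest</c>
/// against the new accounts and requires <c>AllPermissionsOk</c>.
/// </summary>
/// <param name="mysqlHostName">MySQL server the root credentials connect to.</param>
/// <param name="rootPassword">Password for the MySQL "root" account.</param>
/// <param name="serverName">Host name checked by <c>VerifyHostName</c> and passed to the credentials test.</param>
/// <param name="ipAddress">Address checked by <c>VerifyHostAddress</c> and passed to the credentials test.</param>
/// <param name="random">
/// Optional suffix for the database and account names. It is trimmed, cut to five characters and
/// must consist of ASCII letters and digits; when empty, a five-character suffix is generated.
/// </param>
/// <returns>
/// A result with <c>Success = true</c> on success, and also when the host checks fail (deliberate
/// silent failure). <c>Success = false</c> when the suffix is rejected, the permission test fails or
/// any step throws; a <c>DatabaseExecuteException</c> additionally sets <c>DisplayMessage</c> to the
/// attempted command with the generated passwords redacted.
/// </returns>
public static AjaxCallResult CreateDatabaseFromRoot(string mysqlHostName, string rootPassword, string serverName, string ipAddress, string random)
{
    if (!(VerifyHostName(serverName) && VerifyHostAddress(ipAddress)))
    {
        // NOTE(review): with a debugger attached a failed host check does not stop the call.
        // Confirm production hosts can never run with one attached.
        if (!Debugger.IsAttached)
        {
            return new AjaxCallResult { Success = true }; // Probable hack attempt - fail silently
        }
    }

    try
    {
        random = random.Trim();

        if (random.Length > 5) // if UI-enforced maxlength beaten somehow, limit here
        {
            random = random.Substring(0, 5); // MySQL will hit a maxlength otherwise
        }

        // The suffix is spliced verbatim into DbCreateScript, and the result is split into
        // statements on '#'. The caller controls this value, so it is restricted to ASCII
        // letters and digits instead of being trusted to be harmless inside the script.
        foreach (char suffixChar in random)
        {
            bool isAsciiAlphanumeric =
                (suffixChar >= 'a' && suffixChar <= 'z') ||
                (suffixChar >= 'A' && suffixChar <= 'Z') ||
                (suffixChar >= '0' && suffixChar <= '9');

            if (!isAsciiAlphanumeric)
            {
                return new AjaxCallResult { Success = false };
            }
        }

        if (string.IsNullOrEmpty(random))
        {
            // NOTE(review): the generated suffix is used as-is; confirm CreateWeakSecret only
            // emits characters that are safe inside the script.
            random = Authentication.CreateWeakSecret(5);
        }

        SwarmDb.Credentials rootCredentials = new SwarmDb.Credentials(
            "mysql", new SwarmDb.ServerSet(mysqlHostName), "root", rootPassword);

        string readPass = GenerateLongPassword();
        string writePass = GenerateLongPassword();
        string adminPass = GenerateLongPassword();

        // After substitution the script text contains the three generated passwords.
        string[] initInstructions = DbCreateScript
            .Replace("[random]", random)
            .Replace("[readpass]", readPass)
            .Replace("[writepass]", writePass)
            .Replace("[adminpass]", adminPass)
            .Split('#');

        try
        {
            SwarmDb.GetTestDatabase(rootCredentials).ExecuteAdminCommands(initInstructions);
        }
        catch (DatabaseExecuteException sqlException)
        {
            // AttemptedCommand presumably holds the failing statement text, which can include one
            // of the passwords substituted above. Mask them before the text goes back to the client.
            string attemptedCommand = sqlException.AttemptedCommand;

            if (attemptedCommand != null)
            {
                foreach (string secret in new[] { readPass, writePass, adminPass })
                {
                    if (!string.IsNullOrEmpty(secret))
                    {
                        attemptedCommand = attemptedCommand.Replace(secret, "[redacted]");
                    }
                }
            }

            return new AjaxCallResult { Success = false, DisplayMessage = attemptedCommand };
        }

        string databaseName = "Swarmops-" + random;

        PermissionsAnalysis permissionsResult = FirstCredentialsTest(
            databaseName, mysqlHostName, "Swarmops-R-" + random, readPass,
            databaseName, mysqlHostName, "Swarmops-W-" + random, writePass,
            databaseName, mysqlHostName, "Swarmops-A-" + random, adminPass,
            serverName, ipAddress);

        if (!permissionsResult.AllPermissionsOk)
        {
            // TODO: Return a better exception detailing exactly what permission isn't set as required
            return new AjaxCallResult { Success = false };
        }

        return new AjaxCallResult { Success = true };
    }
    catch (Exception)
    {
        // Deliberate best effort: every other failure, including a null suffix, is reported
        // without detail.
        return new AjaxCallResult { Success = false };
    }
}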